exo-iam

List all of the IAM roles

$ exo iam role list

$ exo iam api-key create [api_key_name] [iam_role_name]

$ cat [/path/to/policy.json] | exo iam role create [iam_role_name] --editable --policy -

$ exo iam role show [iam_role_name] --policy [[-O|--output-format]] [json] | jq .

$ cat [/path/to/policy.json] | exo iam org-policy update -

The 'exo-iam' functionality is accessed via the exo command-line tool. The general syntax for performing IAM operations is:

exo iam <subcommand> [options] [arguments]

Where <subcommand> specifies the specific IAM resource to manage (e.g., key, user, group, role, policy) and options and arguments are specific to that subcommand's action (e.g., create, list, delete).

subcommands (e.g., key, user, group, role, policy)
    These act as the primary 'parameters' for the iam group, specifying the type of IAM resource to interact with. Each subcommand then has its own set of actions and specific options.

-h, --help
    Displays help information for the iam command or a specific IAM subcommand, showing available actions and their respective options.

--output <format>
    Specifies the output format for the command's result (e.g., json, text, table). This is a common option across most exo CLI commands.

--profile <name>
    Specifies an Exoscale CLI profile to use for authentication and configuration, overriding the default or environment variables.

--region <name>
    Specifies the Exoscale region to which the command should apply. This is generally less critical for global IAM resources but can be relevant for other exo commands.

The 'exo-iam' functionality refers to the set of commands within the Exoscale CLI (exo) that are dedicated to managing Identity and Access Management (IAM) resources. It is not a standalone Linux command but rather a conceptual grouping under the exo iam subcommand.

Through this interface, users can programmatically control access to their Exoscale cloud resources. This includes managing IAM users, creating and revoking API keys, defining roles and groups, and attaching fine-grained policies to control permissions. It's an essential tool for automating IAM tasks, integrating with CI/CD pipelines, and ensuring robust security practices within an Exoscale environment.

The 'exo-iam' command is not a standard Linux utility; it is part of the Exoscale Cloud CLI (exo). To use it, you must first install the exo CLI tool and configure it with your Exoscale API keys. Operations performed with exo iam commands directly affect your Exoscale cloud infrastructure and its security, so exercise caution, especially with commands that create, modify, or delete IAM resources.

Typical usage involves chaining iam with subcommands and actions:
Listing IAM users: exo iam user list
Creating an IAM key: exo iam key create --name 'my-new-key'
Attaching a policy: exo iam policy attach --user 'my-user' --policy 'read-only'

exo-iam commands operate on core IAM concepts such as:
Users: Human or service identities.
API Keys: Credentials for programmatic access.
Groups: Collections of users to simplify permission management.
Roles: Defines a set of permissions that can be assumed by a user or service.
Policies: Documents that define permissions (what actions are allowed or denied on which resources).

The exo CLI, including its IAM functionalities, has been developed and maintained by Exoscale as the primary command-line interface for interacting with their cloud services. It has evolved alongside the Exoscale platform, continually adding support for new services and features, including advanced IAM capabilities to meet the growing demands for secure and granular access control.

exo(1) (Exoscale CLI), aws cli iam(1) (AWS IAM CLI), gcloud iam(1) (Google Cloud IAM CLI)